---
- name: prepare mount point
  file: state=directory path=/var/lib/copr-keygen

- name: mount up disk of copr repo
  mount: name=/var/lib/copr-keygen src='LABEL=copr-keygen' fstype=ext4 state=mounted
  when: not devel

#- name: mount up disk of copr repo (devel)
#mount: name=/var/lib/copr-keygen src='UUID=9e2b4c55-9ec3-4508-af46-a40f3a5bd982' fstype=ext4 state=mounted
#when: devel

- name: install copr-keygen
  dnf: state=latest name={{ item }}
  with_items:
  - copr-keygen
  notify:
  - restart haveged

- name: install yum
  dnf: name=yum state=latest

- name: change owner of data to copr-signer
  file: path=/var/lib/copr-keygen owner=copr-signer group=copr-signer recurse=yes

- name: put keygen vhost for httpd
  copy: src="httpd/copr-keygen.conf" dest="/etc/httpd/conf.d/copr-keygen.conf"
  notify:
  - reload httpd
  tags:
  - config

- name: put config for signd
  template: src="sign.conf" dest="/etc/sign.conf"
  notify:
  - restart obs-signd
  tags:
  - config

- name: add Install section for signd systemd unit
  lineinfile: dest="/usr/lib/systemd/system/signd.service" line="[Install]"  state=present

- name: ensure services are running
  service: name={{ item }} state=started enabled=yes
  with_items:
  - httpd
  - haveged
  - signd

- name: setup backup
  when: not devel
  import_tasks: "setup_backup.yml"

# Three tasks for handling our custom selinux module
- name: ensure a directory exists for our custom selinux module
  file: dest=/usr/local/share/copr state=directory

- name: copy over our custom selinux module
  copy: src=selinux/copr_rules.pp dest=/usr/local/share/copr/copr_rules.pp
  register: selinux_module

- name: install our custom selinux module
  command: semodule -i /usr/local/share/copr/copr_rules.pp
  when: selinux_module is changed

- selinux: policy=targeted state=enforcing
